主权项 |
1. A method performed by data processing apparatus, the method comprising: maintaining information including (i) a set of one or more resources to which a network policy applies, and (ii) a set of one or more Internet Protocol (IP) addresses, wherein each resource is associated with one or more of the IP addresses; monitoring domain name service (DNS) responses; generating, from the monitored DNS responses, data identifying (i) a new resource, or (ii) one or more new IP addresses, or (iii) both a new resource and one or more new IP addresses, wherein each new IP address is associated with either a resource in the set of one or more resources, or the new resource; updating the maintained information based on the data received from the DNS; receiving a request from a client device on the network for a requested resource identified by a requested IP address; determining that the requested IP address matches one of the IP addresses in the set of one or more IP addresses; identifying a particular resource associated with the matched IP address; identifying a particular network policy applies; and applying the identified particular network policy to the received request; further comprising: receiving, from a DNS server, data identifying (i) a new resource, or (ii) one or more new IP addresses, or (iii) both a new resource and one or more new IP addresses, wherein each new IP address is associated with either a resource in the set of one or more resources, or the new resource; and updating the maintained information based on the data generated from the DNS responses, wherein the DNS responses are received from DNS servers outside of the network. |